Tons of Patches, Facebook Botnets, and Infected Hand Scanners
After a couple weeks of hiatus, we’re finally back with our weekly security news summary video. If you want to learn about all the week’s important security news from one convenience resource, this is the place to get it.
This episode covers the latest popular software security updates from the last two weeks, and interesting Litecoin mining botnet that Facebook helped eradicate, and an advanced attack campaign that leverages pre-infected hardware products. Watch the video for the details, and check out the Reference’s for more information, and links to many other interesting InfoSec stories.
Enjoy your summer weekend, and stay safe!
(Episode Runtime: 7:37)
Direct YouTube Link: https://www.youtube.com/watch?v=oAHYUW1KkM0
Episode References:
- Microsoft’s July Patch Day
- Apple’s June Patches
- Apple’s June OS X security updates – Apple
- Apple’s June Safari security update – Apple
- iOS 7.1.2 security update – Apple
- Apple TV June security update – Apple
- Adobe Patch Day
- Facebook helps thwart Lecpetex Litecoin botnet – Facebook
- Zombie Zero: Malware found in Chinese Inventory Scanners – Network World
- TrapX report or Hand Held Scanners attack campaign – TrapX
- Dark Reading covers Zombie Zer0 – Dark Reading
Extras:
- US arrests accused Russia CC hacker; Russia claims kidnapping – Krebs on Security
- Microsoft botnet shutdown had collateral damage on No-IP – SC Magazine
- EFF sues NSA for using 0day – Network World
- The NSA gathers far more info from general Internet users than it does targeted foreign national – The Washington Post
- HotelHippo shut down after discovery of security flaws on site – SC Magazine
- Accused UK hacker jailed for refusing to hand over his password and crypto keys – The Register
- Google Glass can steal passwords from 10ft away (hyperbole?) – We Live Security
- DoHS accuses Chinese attackers of hacking records from Office of Personnel Management – NY Times
- New PoS botnet surfaced on the underground in May – The Register
- PoS Botnet leverages RDP – SC Magazine
- Google patched a Drive file leaking vulnerability – Naked Security
- Flaw in smart bulbs could leak Wifi passwords – Ars Technica
- Google blocks a lot of unauthorized digital certificates from India – Google
- Dragonfly ICS malware affects global energy companies – IT Portal
- Older F-Secure story – The Register
- Gizmodo also covers this story – Gizmodo
- Latest iOS jailbreak supports iOS 7.1.2 – CNET
- Hijack Hunter; a comparable tool to HijackThis – Ghacks
- Cloud Remote Access and common password allowed attacker in – Computer World
- Cisco Unified Communications have hard coded SSH key (backdoor) – The Register
- Patch for Cisco UC backdoor – Cisco
- MiniDuke authors seem to target drug dealers – The Guardian
- CosmicDuke targets drug dealers and military contractors – Techweek
- Dailymotion hijacked to serve Drive-by Download… again! – Network World
- Zeus will never die (re-emerges after a takedown) – Ars Technica
- Tinba malware source code leak – CSIS
- Tinba malware analysis – Trend Micro
— Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply